Joined December 2021
Spider0x retweeted
28 Apr 2024
As a DFIR engineer, you should notice something suspicious going on here! But how many techniques do you know that an attacker can use to hide this easy detection from you? #C5W #DFIR #Malware #ThreatHunting #Cybersecurity
Spider0x retweeted
Another great Memory Forensics post and exercise written by @Cyberagent101 for @cyber5w #DFIR #MemoryForensics blog.cyber5w.com/anomalies-h…
New Hall of Fame member ^-^
Spider0x retweeted
Another good blog written by @Cyberagent101 #DFIR
14 Mar 2024
Are you curious about NTFS Artifacts Analysis? Dive into our latest blog post for more: blog.cyber5w.com/ntfs-artifa… #C5W #DFIR #Filesystem #DigitalForensics
NTFS is always the place where every disk-related artifact leaves a trace; mastering its analysis is a crucial skill to have, as it will make your investigation much easier. #blueteam #digitalforensics #cyberdefense
Check out my latest blog post, talking about how I customize my malware analysis machine with tools and plugins that make my life easier and save me time. blog.cyber5w.com/malware a…
If you have any addition or an interesting tool you want to share with the community, please reach out to me and I will add it to the post; I am really interested to know more about how other analysts customize their machines. #malware #blueteam #cybersecuritytips
Just a quick tip for reverse engineering newcomers, and any old hand who doesn't care: never rely on decompiled code only. That always happens to me, but this time it was insane: my decompiler missed tens of lines of functions and API calls.
"Always double-check your decompiled code and if something seems wrong, go with assembly". #ReverseEngineering #malware #DFIR
Browsers keep track of almost every move. Check out my new blog post, a reference where you can find what you need during your investigation. blog.cyber5w.com/browser f… @cyber5w #dfir #blueteam #CyberSecurity #DigitalForensics
Spider0x retweeted
25 Feb 2024
In our new blog post, @Cyberagent101 wrote about the different anti-analysis techniques used by the #Pikabot malware in its loader, with detailed analysis. #malware #DFIR #Cybersecurity #RE blog.cyber5w.com/malware a…
Hey malware analysts, "Pikabot" is a relatively new malware and is considered the second wave of the famous "Qakbot". This malware contains two stages armed with many anti-analysis techniques to make defenders' lives harder, like: blog.cyber5w.com/malware a…

- Junk code
- API hashing
- Encrypted stack strings
- INT 0x2D instruction
- OutputDebugString
- Memory write watch

Here is a detailed analysis of the new version of its loader part.
Firmware is really a great place for hunting vulnerabilities these days. Here I am discussing how to emulate and reverse firmware binaries by doing research on the "DLINK DIR 832G" router ("CVE-2023-43241 & CVE-2023-43235", OOB writes). amr-git-dot.github.io/vulner…
For malware analysts & developers, another trick for executing code before "main", using "_initterm" to hide code. In this small article I discuss how you can get code execution before main using dynamically assigned global variables. amr-git-dot.github.io/malwar… #malware
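As an added example for the post above (written for this page, not taken from the linked article), here is the minimal form of the trick in C: a function registered in the C runtime's initializer table runs before main() even though main() never references it. It assumes either MSVC, where the CRT's `_initterm` walks the function-pointer table in the `.CRT$XCU` section, or GCC/Clang, where `__attribute__((constructor))` gives the same effect through `.init_array`; the function and variable names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Added example: code execution before main() via the CRT initializer table.
 * MSVC's _initterm calls every pointer between .CRT$XCA and .CRT$XCZ before
 * user main(); GCC/Clang do the same for .init_array entries. */

static int  pre_main_ran = 0;
static char init_log[64] = "";

/* The "hidden" payload. Here it only records that it ran; a real loader
 * would do its environment checks or unpacking at this point. */
static void init_before_main(void)
{
    pre_main_ran = 1;
    strncat(init_log, "init_before_main;",
            sizeof init_log - strlen(init_log) - 1);
}

#if defined(_MSC_VER)
/* MSVC: place a pointer to the function in the user initializer section.
 * This is exactly what a dynamically initialised C++ global compiles to.
 * If the optimizer strips the unreferenced symbol, add a
 * #pragma comment(linker, "/include:...") for it. */
#pragma section(".CRT$XCU", read)
__declspec(allocate(".CRT$XCU"))
static void (__cdecl *p_init_before_main)(void) = init_before_main;
#else
/* GCC/Clang: the constructor attribute lands the function in .init_array. */
__attribute__((constructor))
static void run_init_before_main(void) { init_before_main(); }
#endif

/* Query helpers so the effect can be checked from outside main(). */
int ran_before_main(void) { return pre_main_ran; }
const char *init_order(void) { return init_log; }

int main(void)
{
    /* Nothing here calls init_before_main, yet it has already run. */
    printf("pre_main_ran=%d log=%s\n", ran_before_main(), init_order());
    return 0;
}
```

When triaging a sample whose main() looks harmless, check the initializer table before concluding nothing ran: the pointers between `.CRT$XCA` and `.CRT$XCZ` (or the `.init_array` entries on ELF) are where this kind of code hides, and a breakpoint on `_initterm` catches it on the way in.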
I wonder how two versions of a DLL with only about three months' difference can differ by over 10KB in size. "Microsoft Office product"
ESXiArgs ransomware analysis. ESXiArgs ransomware is widely spread these days due to the wide exploitation of a vulnerability, CVE-2021-21974, which is quite old but is not patched on many ESXi servers. The malware itself is not complex at all, but the danger comes from the
The Stop ransomware family is one of the most widespread ransomware families; it comes packaged in game cracks, email attachments, and many other ways. It uses an asymmetric key algorithm for encryption, so it's impossible to decrypt without paying the ransom and getting the decryption key. "Or luck be with you and the hackers get hacked." Here is my detailed analysis of the Stop ransomware, which contains:

- General information about the sample.
- How the sample checks & initializes the environment.
- Investigate the two persistence mechanisms used.
- Investigate the different flows based on the parameters.
- Investigate the steps of encryption.
- YARA rule for detection.

amr-git-dot.github.io/malwar…